I want to migrate a web application from a Windows Server 2003 to a Windows Server 2008 R2. All works fine except sending emails from the application.

If I configure the application to use the SMTP server on "localhost" it works, but after changing it to the "real" host name (e.g. mail.example.org) no mail is sent. The error message says that the remote server needs a secure connection or SMTP authentication. But since it works when using "localhost" instead of the host name, I doubt that this is the problem.

Also, it's unlikely to be a problem with the mail server; I also tried it with another one.

So for me it seems like the firewall is blocking the outgoing connection to the mail server. I tried to open port 25, but it still did not work. Maybe I just did it the wrong way.

Update:
For clarifying my setup:

I have a Windows Server 2008 R2 with hMailServer installed (set up for some of the hosted domains)

For the website I'm talking about I need to use an external mail server (totally different hosting provider)

Apparently I was a bit off the track. It seems like it works when connecting to the local mail server either with the host name "localhost" or "mail.somedomain.com" (while somedomain.com is set up in my mail server). But when using the host name of the external mail server ("mail.externaldomain.com") it seems like it tries to connect to the local server again, although this domain is not set up in the mail server. Thanks to Evan Anderson for the tip to use telnet - why have I not thought of it myself?... :-)

Note, the website www.externaldomain.com is hosted on my server but the DNS entries are maintained by the other hosting provider. "externaldomain.com" is the only entry which points to my server; all other records (MX, subdomains) are pointing to the other server.

So I think the question is now, how do I get my server to connect to the external mail server? Do I have to configure this in my mail server or is it a Windows Server thing?

I'll bite. If it says it needs a secure or authenticated connection why are you so certain it doesn't?
– John Gardeniers, May 13 '10 at 2:56

I am sure it needs no secure but an authenticated connection and I provide the appropriate credentials in the web.config file. The same credentials worked when running the application on my old server. Since the mail server is an external one, nothing should have changed.
– Dave, May 13 '10 at 18:13

3 Answers
3

Sniff the traffic (with Wireshark or Microsoft Network Monitor) and see what's really happening. You can probably glean whether or not a TCP connection to the mail server is being made with a netstat -a -n 1 | find ":25" running in a window on your server while you attempt to send email, but I'd go the sniffer route and put it to bed.

It's highly possible that the SMTP server does need authentication. You should run an SMTP transaction with TELNET "by hand" just to see what's happening. (You really should know how to do SMTP transport via TELNET...) Doing this from your server will have the added benefit of proving that the Windows Firewall isn't blocking outbound SMTP connection attempts, too.

Look at the traffic on the wire and get to the bottom of the problem, rather than poking at it with a stick.

If it were a firewall you wouldn't be getting the error message that you're getting. A connection attempt is being made, it's just not successful. How was the old W2K3 server configured to send email to the email server? Was the W2K3 server on the "allowed to relay" list on the email server? If so, then you'll need to add the W2K8 server as well. Check the configuration of the W2K3 server for authentication settings, etc. and set the settings on the W2K8 server to match.

Is what you mean by "allowed to relay" what I asked in my last question? On the W2K3 server I just installed my mail server (it was MailEnable then) but did not make any special configuration. Where do you mean I should configure these settings?
– Dave, May 13 '10 at 18:55

@Dave: The server you're sending email to is "relaying" that mail for your application on to the destination server. By default, the vast majority of mail server software doesn't allow unauthenticated relaying from remote computers. More than likely that's your problem now w/ the destination mail server-- it probably wants authentication since you're asking it to relay. Unauthenticated relaying is how spammers "recruit" innocent mail servers to deliver junk email, and as a result, operating an "open relay" is frowned upon by all of the rest of humanity.
– Evan Anderson, May 13 '10 at 19:03

@Evan: I'm not sure if I understand you correctly. If you mean I have to provide the correct credentials for the relay server (="external server"?), that's what I do. But I don't even reach this server. When I tried to connect with telnet I was directed to my local mail server. The error "secure connection or smtp authentication" is thrown because there is no matching user/domain/password on my local mail server.
– Dave, May 13 '10 at 20:06

@Dave: When you "TELNET", you choose what host to TELNET to. What are you doing, specifically, when you say you "connect with telnet"? If you execute the command "TELNET externalserver.domain.com 25" you're asking the OS to give you a TCP connection to "externalserver.domain.com", TCP port 25. Is the name of the external server resolving properly?
– Evan Anderson, May 13 '10 at 21:18

@Evan: That's exactly the problem. When executing "TELNET externalserver.domain.com 25" I'm redirected to the local server. So there must be a DNS problem. I just checked the DNS cache and there is a wrong entry for "mail.externalserver.com". There were misleading DNS entries for "externaldomain.com" in my current hosting provider's control panel. I hope after deleting them all will work correctly.
– Dave, May 13 '10 at 22:08

I finally solved the problem... Neither the firewall nor IIS nor the mail server caused the error. There were some superfluous entries in my hosting provider's DNS. This caused the application to try to connect to the local mail server instead of the remote one. After deleting the wrong DNS entries all worked correctly.

The problem was that the DNS entries for my domain were maintained by another hosting provider, but since there were also entries for this domain in my provider's DNS, they had priority for my web server.

So if you encounter similar problems, always think of pinging the remote host that seems not to work. And don't forget to flush your server's DNS cache after correcting the DNS entries (type "ipconfig /flushdns" in a command prompt).
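
The two checks that settled this thread (what the server's own resolver returns for the mail host, and which server actually answers on port 25) can be scripted. The following is an added example, not code from any of the posters; the addresses are constructed from documentation ranges and the greeting text is a made-up sample.

```python
import ipaddress
import re
import socket
import sys

def resolve(host, port=25):
    """Addresses the OS resolver (hosts file, DNS cache, DNS servers) returns."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def local_addresses():
    """Best-effort set of this machine's own addresses."""
    addrs = {"127.0.0.1", "::1"}
    try:
        addrs.update(i[4][0] for i in socket.getaddrinfo(socket.gethostname(), None))
    except socket.gaierror:
        pass
    return addrs

def read_banner(addr, port=25, timeout=10):
    """Connect as 'telnet addr 25' would and return the first greeting line."""
    with socket.create_connection((addr, port), timeout=timeout) as conn:
        lines = conn.recv(512).decode("ascii", "replace").splitlines()
        return lines[0] if lines else ""

def banner_host(banner):
    """Hostname announced in an SMTP 220 greeting, or None if it is not one."""
    match = re.match(r"220[ -](\S+)", banner or "")
    return match.group(1).lower() if match else None

def diagnose(host, resolved, local, banner=None):
    """Return findings that show the name leads to the wrong mail server."""
    findings = []
    for addr in resolved:
        bare = addr.split("%")[0]  # drop an IPv6 scope id if present
        if ipaddress.ip_address(bare).is_loopback or addr in local:
            findings.append(f"{host} resolves to {addr}, an address of this server")
    announced = banner_host(banner)
    # A differing greeting name is only a hint: servers may announce another name.
    if announced and announced != host.lower():
        findings.append(f"greeting announces {announced}, not {host}")
    return findings

if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check against the name given on the command line
        addrs = resolve(sys.argv[1])
        print(diagnose(sys.argv[1], addrs, local_addresses(), read_banner(addrs[0])))
    else:  # constructed sample reproducing the situation in the thread
        print(diagnose("mail.externaldomain.com", ["192.0.2.10"],
                       {"127.0.0.1", "192.0.2.10"}, "220 mail.somedomain.com ESMTP"))
```

An empty result means the name resolves to a remote address and the greeting matches. Because the application sends its SMTP credentials to whatever host the name resolves to, a stale DNS entry also means those credentials are presented to the wrong server.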